Rewterz Threat Advisory
August 4, 2021
Severity
Medium
Analysis Summary
AZORult is an information stealer that targets payment card data and credentials. It has been sold on Russian underground forums as a tool for collecting sensitive information from infected systems. The malware can also steal cookies, browsing history, cryptocurrency, and IDs and passwords. Its main infection vectors are phishing emails and the Fallout Exploit Kit (EK), both paired with social engineering. AZORult can additionally act as a loader that downloads further malware onto the compromised host.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
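A way to carry out the "search for IOCs in your environment" step, added here as an example and not part of the Rewterz advisory: it hashes every file under a directory with the three algorithms the advisory lists (MD5, SHA-1, SHA-256) and reports any file whose digest matches an indicator. The `IOC_HASHES` argument is assumed to be filled in from the advisory; the values used in the comments are placeholders.

```python
import hashlib
from pathlib import Path

# The three digest types the advisory publishes indicators for.
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: lowercase hex digest} for one file, read in chunks
    so large files do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def normalise_iocs(iocs):
    """Lowercase and strip every indicator so that feed formatting
    (upper-case hex, trailing whitespace) cannot cause a missed match.
    `iocs` maps algorithm name -> iterable of hex strings, e.g.
    {"sha256": ["<sha256-from-advisory>", ...]} (placeholder values)."""
    return {name: {v.strip().lower() for v in iocs.get(name, ())}
            for name in ALGORITHMS}


def sweep(root, iocs):
    """Walk `root` recursively; return a list of (path, algorithm, digest)
    for each file whose digest appears in the indicator set."""
    wanted = normalise_iocs(iocs)
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = hash_file(path)
        except OSError:
            continue  # unreadable file (permissions, in-use); keep sweeping
        for name, digest in digests.items():
            if digest in wanted[name]:
                hits.append((str(path), name, digest))
    return hits
```

Run `sweep("/path/to/scan", IOC_HASHES)` with the advisory's hashes loaded into `IOC_HASHES`; an empty list means no file under that path matched any indicator.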